Time for a New Look at Segmentation?

The perimeter protecting the network, once considered impregnable, has been degraded by advanced threats and an explosion in the number of connected devices (and apps running on them) and a new generation of predatory malware attacks.

Since the dawn of the networking era, enterprises built open (flat) networks to offer every user access to (almost) every application. Many of these networks are global, spanning business units and national boundaries with unprecedented connectivity. Amazing. Powerful. Everything and everyone is accessible.

Today that access is now available to adversaries.

Some enterprise networks have become a kind of playground for hackers that offers up everything to everyone with minimal effort, not even the need to wait in line. With a few easily available tools or tactics adversaries can penetrate business critical apps and data. They simply compromise one of a growing population of connected devices.

From a single compromised device, attackers can then access other devices, servers and even printers to establish a robust foothold inside the network. From there they search for privileged users to get privileged access to servers, applications and data. Even with traditional network segmentation this can be a problem. (see diagram)

Because of the difficulty and expense required to protect the entire network from these types of attacks, CISOs are taking steps to segment (or isolate) applications so they cannot be easily reached by adversaries, yet still be reachable by employees.

The problem is too much access, stolen credentials, and the ability for compromised devices to access servers from inside the network.

Segmentation is the new perimeter strategy, and it should begin with the protection of applications and servers from attacks from compromised endpoints. Yet CISOs have been “educated” by PCI compliance to think of server segmentation as a priority, instead of protecting servers from the most common threats.